Capture Ruckus Wireless AP Packets with Wireshark

Have you ever needed to get so detailed in troubleshooting a wireless network that you had to go down to the packet level? Sometimes seeing the raw packets in Wireshark gives us all we need to diagnose a problem.

With Ruckus Wireless you can enable two kinds of packet captures straight from the web interface of the Ruckus ZoneDirector.

Local

Stream

Either mode can be selected for the AP on which you will be capturing packets. Local mode captures packets to and from the AP and stores that capture locally. You then download the capture file and open it in Wireshark.

The streaming mode allows you to use Wireshark as a remote capture. The AP streams all the packets to your laptop!

In this post I will show you how to enable packet capture mode in the Ruckus ZoneDirector for a specific AP and then stream those packets to my laptop which will be running Wireshark.


To start capturing packets on a Ruckus AP, first log into the ZoneDirector and click on the Administer tab. Then on the left navigation click on Diagnostics.

Near the bottom of that window you will see a section labeled Packet Capture. First, select which band you want to capture on, 2.4GHz or 5GHz. Then, we will select the APs we want to run in capture mode. You can select more than one AP and do a quick search if you have many APs. Check the box next to the AP you want to capture packets on and then click on Add to Capture APs.

Each AP you add to Capture APs will show on the right side. It is then removed from the list of available APs on the left.

To begin capturing packets, select the checkbox for the AP and then select either Local Mode or Streaming Mode. In this example I chose Streaming Mode.

Then click on Start.

Now this is where it begins to get interesting. This remote capture is only available on Microsoft Windows because it uses WinPcap. The target (the Ruckus AP) will be running Remote Packet Capture Protocol. Open Wireshark and hit CTRL-K on the keyboard to bring up your Capture Options. Then click on Manage Interfaces.

When Interface Management opens up click on the Remote Interfaces tab and click Add. Here you will type in the Host IP address of the Ruckus AP you selected to become a Capture AP.

Leaving the Port field blank will default to port 2002. All other fields can remain at their default options.

After you hit OK it will add all of the Ruckus AP's interfaces to the Capture Options list. Enable and then disable Capture on all interfaces to uncheck everything. Enable the interface with wlan100 for 2.4GHz, or if you selected 5GHz look for wan101.

Once you start the capture you will get a stream of packets from the Ruckus AP.
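While streaming mode is active, the AP accepts Remote Packet Capture Protocol connections on port 2002, so after a troubleshooting session it is worth confirming that the listener is gone. The script below is an added example, not part of the original post. It assumes the listener closes once the capture is stopped in the ZoneDirector, and the AP addresses in the usage comment are placeholders.

```python
#!/usr/bin/env python3
"""Report which APs still accept TCP connections on the rpcap streaming port."""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

RPCAP_PORT = 2002  # default port named in the post


def rpcap_port_open(host, port=RPCAP_PORT, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def audit_aps(hosts, port=RPCAP_PORT, timeout=2.0):
    """Check every AP in parallel and return {host: True if still listening}."""
    hosts = list(hosts)
    if not hosts:
        return {}
    with ThreadPoolExecutor(max_workers=min(16, len(hosts))) as pool:
        results = pool.map(lambda h: rpcap_port_open(h, port, timeout), hosts)
        return dict(zip(hosts, results))


def main(argv):
    # Usage: python check_rpcap.py 192.0.2.10 192.0.2.11  (placeholder addresses)
    if len(argv) < 2:
        print("usage: check_rpcap.py AP_IP [AP_IP ...]")
        return 2
    status = audit_aps(argv[1:])
    for host, is_open in status.items():
        state = "STILL LISTENING" if is_open else "closed"
        print(f"{host}:{RPCAP_PORT} {state}")
    # Non-zero exit code if any AP is still streaming-capable
    return 1 if any(status.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from the same network segment you captured from; an AP reported as still listening should be removed from Capture APs or have its capture stopped in the ZoneDirector.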